# ufw
### read logs
```
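# Show firewall events from the kernel ring buffer. ufw tags its kernel log
# lines with a "[UFW ...]" prefix (e.g. "[UFW BLOCK]"), so match on that.
# The pattern is passed as a fixed string (-F): the original '\\[UFW' handed
# grep a literal backslash followed by an unterminated bracket expression,
# which makes grep exit with "Unmatched [" instead of matching anything.
# dmesg only holds what is still in the ring buffer; on most ufw hosts the
# same lines are also persisted to /var/log/ufw.log (or `journalctl -k`) —
# check which applies on this host.
sudo dmesg | grep -F '[UFW'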
```
### interactions
```bash
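# Allow port 443 on this host only from the single source 172.19.0.2
# (a /32 inside 172.16.0.0/12 — presumably a peer on a Docker user-defined
# network; confirm against `docker network inspect`).
# `proto tcp` is stated explicitly: without it ufw creates the rule for both
# TCP and UDP, so UDP/443 would be opened as well. Drop `proto tcp` only if
# UDP/443 (e.g. QUIC) is actually served here. ufw needs root, hence sudo.
sudo ufw allow proto tcp from 172.19.0.2/32 to any port 443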
```
### docker config in /etc/ufw/after.rules
https://stackoverflow.com/questions/30383845/what-is-the-best-practice-of-docker-ufw-under-ubuntu
```
# BEGIN UFW AND DOCKER
# iptables-restore fragment for /etc/ufw/after.rules (IPv4 only).
# Docker's own FORWARD rules would otherwise accept traffic to published
# container ports before ufw ever sees it; Docker evaluates the DOCKER-USER
# chain first, so populating it here puts ufw back in control of what
# reaches containers from outside.
# NOTE(review): ufw only picks this file up on `sudo ufw reload` (or
# disable/enable) — editing it alone changes nothing until then.
# NOTE(review): if Docker has IPv6 enabled on this host, after6.rules needs
# an equivalent rule set; nothing below covers IPv6.
*filter
:ufw-user-forward - [0:0]
:DOCKER-USER - [0:0]
# Traffic from RFC 1918 sources (LAN hosts, other containers) is let through
# unconditionally. Because these RETURNs sit before the ufw-user-forward jump,
# `ufw route` rules are never consulted for private-source traffic — a
# `ufw route deny` aimed at a LAN address has no effect here.
-A DOCKER-USER -j RETURN -s 10.0.0.0/8
-A DOCKER-USER -j RETURN -s 172.16.0.0/12
-A DOCKER-USER -j RETURN -s 192.168.0.0/16

# Everything else goes through ufw's forward chain, so a published port can
# be exposed deliberately with `ufw route allow ...` before the drops below.
-A DOCKER-USER -j ufw-user-forward

# Whatever ufw-user-forward did not accept: drop new TCP connections
# (SYN-only flag match — packets of established flows are not touched) aimed
# at private destination ranges. The destinations are private because the
# published port has already been DNAT'ed to the container's address by the
# time the FORWARD chain runs.
-A DOCKER-USER -j DROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16
-A DOCKER-USER -j DROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 10.0.0.0/8
-A DOCKER-USER -j DROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12
# UDP is only dropped for destination ports 0-32767, so replies to outbound
# UDP on ephemeral high ports still get back in. Consequence: a container
# service published on a UDP port above 32767 is NOT protected by this file.
-A DOCKER-USER -j DROP -p udp -m udp --dport 0:32767 -d 192.168.0.0/16
-A DOCKER-USER -j DROP -p udp -m udp --dport 0:32767 -d 10.0.0.0/8
-A DOCKER-USER -j DROP -p udp -m udp --dport 0:32767 -d 172.16.0.0/12

# Anything left (non-SYN TCP, high-port UDP, non-private destinations) is
# handed back to Docker's own FORWARD handling. The DROPs above are silent:
# there is no LOG rule in this chain, so blocked container traffic will not
# appear in `dmesg` / ufw.log the way "[UFW BLOCK]" entries do.
-A DOCKER-USER -j RETURN
COMMIT
# END UFW AND DOCKER
```